A 26-year-old Ukrainian national has been charged in the U.S.
for his alleged role in the Raccoon Stealer[1]
malware-as-a-service (MaaS) operation.
Mark Sokolovsky, who was arrested by Dutch law enforcement after
leaving Ukraine on March 4, 2022, in what’s said to be a Porsche
Cayenne, is currently being held in the Netherlands and awaits
extradition to the U.S.
“Individuals who deployed Raccoon Infostealer to steal data from
victims leased access to the malware for approximately $200 per
month, paid for by cryptocurrency,” the U.S. Department of Justice
(DoJ) said[2]. “These individuals used
various ruses, such as email phishing, to install the malware onto
the computers of unsuspecting victims.”
Sokolovsky is said to have gone by various online monikers like
Photix, raccoonstealer, and black21jack77777 on online cybercrime
forums to advertise the service for sale.
Raccoon Stealer, mainly distributed under the guise of cracked
software, is known to be one of the most prolific information
stealers[3], put to use by multiple
cybercriminal actors for its extensive features and the
customizability offered by the malware.
Active since April 2019, the threat actors behind the operation
abruptly halted work on the project earlier this March, citing the
loss of a core member due to a “special operation.”
While this was interpreted as the death of a developer in the
Russo-Ukrainian war, court documents[4]
show that it was indeed Sokolovsky’s arrest and the subsequent
dismantling of the malware’s infrastructure by Italian and Dutch
authorities that led to the temporary shutdown.
That said, a second version of Raccoon Stealer written in C/C++
has since begun circulating on underground forums as of June 2022,
with its authors touting the tool’s ease of use.
“It is so fast and simple that with its help it will not be
difficult for a child to learn how to process logs,” the cybercrime
gang posted[5]
in a message shared on its Telegram channel in May.
According to the U.S. Federal Bureau of Investigation (FBI), the
malware is estimated to have facilitated the theft of 50 million
unique credentials and forms of identification (e.g., email
addresses, bank accounts, cryptocurrency addresses, and credit card
numbers) from millions of victims globally.
The credentials allegedly consist of over four million email
addresses, prompting the FBI to launch a website raccoon.ic3[.]gov[6]
to help users check if their email addresses show up in the Raccoon
Stealer data.
Sokolovsky has been charged with one count of conspiracy to
commit computer fraud and related activity in connection with
computers; one count of conspiracy to commit wire fraud; one count
of conspiracy to commit money laundering; and one count of
aggravated identity theft.
If proven guilty, the defendant faces a maximum penalty of 20
years in prison for the wire fraud and money laundering offenses,
five years for the conspiracy to commit computer fraud charge, and
a mandatory consecutive two-year term for the aggravated identity
theft offense.
“This type of malware feeds the cybercrime ecosystem, harvesting
valuable information and allowing cyber criminals to steal from
innocent Americans and citizens around the world,” U.S. Attorney
Ashley C. Hoff said.
References
- ^
Raccoon
Stealer (thehackernews.com) - ^
said
(www.justice.gov) - ^
most
prolific information stealers
(blog.sekoia.io) - ^
court
documents (www.justice.gov) - ^
posted
(medium.com) - ^
raccoon.ic3[.]gov
(raccoon.ic3.gov)
Read more https://thehackernews.com/2022/10/us-charges-ukrainian-hacker-over-role.html